Sucuri Security’s 2021 Website Threat Research Report has revealed that payment card skimmers are becoming more common in exploit kits affecting WordPress websites, and that attackers are spending more time customizing them to avoid detection.
The company says that they expect skimmers to play an even larger role in website infections in 2022. Current attack trends point to attackers targeting sites using Magento, OpenCart, PrestaShop, and those using the WooCommerce plugin for WordPress.
Administrators of websites using popular content management systems (CMS) and shopping cart software should layer multiple defensive controls to harden them against attacks.
- Regularly update the CMS, plugins, themes and extensions they use
- Uninstall packages that are no longer useful
- Quickly implement patches when vulnerabilities in the CMS and components they use are fixed
- Use unique, complex and long passwords to secure their administrator account
- Use security plugins to increase defenses (for example, to add multi-factor authentication to their WordPress administrator panel)
- Use a web application firewall to block attack attempts